ADVERTISEMENT

Vincent AI phishing vulnerability found, 200K+ law firms at risk of credential and data theft

Vincent, the vLex AI assistant used by tens of thousands of legal teams and law firms worldwide, contains an AI-phishing vulnerability that attackers could exploit via hidden HTML code – all to steal users’ login credentials and potentially expose sensitive client files.

AI hacker

Image by Cybernews

Stefanie Schappert
Stefanie Schappert Senior Journalist
Dec 24, 2025 Updated: 30 December 2025 3 min read
Key takeaways:
vLex Vincent AI phishing vulnerability
Image by PromptArmor.
Jurgita Lapienyte justinasv Izabele Pukenaite vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Add us as your Preferred Source on Google.

Malicious pop-ups can steal logins

vLex Vincent Ai phishing vulnerability
Arrow points to hidden prompt injection text. Image by PromptArmor.
ADVERTISEMENT
vLex Vincent AI  phishing vulnerability 3
Any credentials entered in the fake login are stolen by the attacker. Image by PromptArmor.

Recommendations to harden vLex

vLex Vincent AI phishing vulnerability 4

ADVERTISEMENT